DETAILED ACTION

1. Claims 1-27 have been examined.



Claim Objections 



2. Claim 24 is objected to because of the following informalities: "to be 
replaces" (line 3) should be changed to "to be replaced". Appropriate 
correction is required. 



Claim Rejections - 35 USC §101

3. 35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or
composition of matter, or any new and useful improvement thereof, may obtain a patent
therefor, subject to the conditions and requirements of this title.

4. Claims 1-15 are rejected under 35 U.S.C. 101 because the claimed
invention is directed to non-statutory subject matter. Claims 1-15 are
directed to a protocol which does not fall within one of the four statutory
classes of § 101. Applicant is suggested to change the claimed subject
matter from a protocol to a method. For prior-art rejection purposes, the
claims are treated as method claims.

5. Claims 16-20 are rejected under 35 U.S.C. 101. The claimed
inventions are directed to a method for secure replacement of private keys;
however, the claimed method is not complete because the claims do not
recite any step(s) for replacing the private keys. Since the claimed method
does not achieve its intended purpose, it does not have a practical
application and is non-statutory.

6. Claims 21-27 are rejected under 35 U.S.C. 101 because the claims are 
directed to non-statutory subject matter. Regarding claim 21, it is not 
tangibly embodied as it is only software per se. For an apparatus or a 
machine to be a physical object, at least one recited element must be 
hardware. Since all elements of the claim can be reasonably interpreted in 
light of the disclosure by one of ordinary skill as software alone (page 8, 
lines 20-22), the claim is directed to software per se and is non-statutory. 



Claim Rejections - 35 USC §112

7. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and 
distinctly claiming the subject matter which the applicant regards as his invention. 

8. Claim 6 is rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. Claim 6 recites the 
limitation "deleting the SKRP key". The SKRP key is the new/updated key. 
It is not clear why the method for key replacement deletes the new/updated 
key. For prior-art rejection purposes, the limitation is interpreted as "deleting
the identified private key". 

9. Claim 10 is rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. Claim 10 recites the 
limitation "comparing the read key identifier to key identifiers of previously 
deleted private keys" (lines 4-5). It is not clear how identifiers of keys can 
be used if keys have been deleted. 

10. Claims 16-20 are rejected under 35 U.S.C. 112, second paragraph, as 
being incomplete for omitting essential steps, such omission amounting to a 
gap between the steps. See MPEP § 2172.01. The omitted steps are:
replacing the one or more private keys and signing the challenge with the
SKRP keys (fig. 7, steps 560-570).

11. Claim 24 is rejected under 35 U.S.C. 112, second paragraph, as being 
incomplete for omitting essential steps, such omission amounting to a gap 
between the steps. See MPEP § 2172.01. The omitted steps are: reject the 
SKR request if the identity of the private key to be replaced matches any of 
the identities of the previously deleted private keys. This step is used to
detect a replay attack.

Claim Rejections - 35 USC §103 

12. The following is a quotation of 35 U.S.C. 103(a) which forms the basis 
for all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

13. Claims 1-6, 14-16, 18-21 and 25-26 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Asanoma et al. (2003/0056099) in view 
of Chen et al. (7,099,476). Asanoma discloses a method and apparatus for 
updating a private key in a smart card containing multiple private keys 
(Abstract; figure 5). Chen discloses a method for updating a ciphering key 
including the steps for verifying that a correct key has been updated 
(Abstract; fig. 2, steps 220-250). 

Regarding claims 1-6, 16, 18-21 and 25-26, Asanoma discloses a 
method and apparatus for secure replacement of a private key in a smart 
card containing multiple private keys, comprising: receiving a rekey request 
including an encrypted replacement private key (fig. 7, step 22); 
authenticating the rekey request (i.e., decrypting the encrypted replacement 
private key using a key shared with a central system) (fig. 7, step 25);
replacing the private key with the replacement private key (fig. 7, step 25).
Asanoma does not explicitly disclose that the rekey request identifies a
private key for replacement; however, this feature is deemed to be inherent
to Asanoma's method because figures 5 and 9 show that the smart card
stores multiple private keys. The smart card would not know which key
among the stored private keys is to be updated if the request did not include
the identifier of the key to be updated.

Asanoma does not disclose sending a challenge to the smart card
where a key is to be updated, encrypting the challenge with the 
new/updated key, and returning the encrypted challenge. Chen discloses a 
method for updating a ciphering key at a node including sending a challenge 
to the node where a key is to be updated, encrypting the challenge with the 
new/updated key, and returning the encrypted challenge (fig. 2, steps 220-250).
It would have been obvious to one of ordinary skill in the art at the
time the invention was made to modify Asanoma's method to include the 
steps of sending a challenge to the smart card where a private key is to be 
updated, encrypting the challenge with the updated private key, and 
returning the encrypted challenge, as taught by Chen. The motivation for 
doing so would have been to confirm that a correct key has been updated 
(col. 6, lines 46-49). 

Regarding claims 14-15, Asanoma does not disclose that the private
key is used to access a document, to perform on-line banking/purchasing or 
to view a web site content. Official Notice is taken that both concept and 
advantage of using public key infrastructure (PKI) in different fields including 
content access and/or on-line transactions are well known and expected in 
the art. It would have been obvious to use the private key in different fields 
including content access and/or on-line transactions as the PKI is known for 
providing better security and easier key management. 

14. Claims 7-8, 17, 22-23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Asanoma and Chen as applied to claims 1, 16 and 21 
above, and further in view of Shambroom (6,198,824). Asanoma does not 
disclose that the rekey request includes a time stamp. Shambroom 
discloses including a timestamp in a message to restrict replay attacks (col. 
8, lines 4-10). It would have been obvious to modify the combined method 
of Asanoma and Chen to include a time stamp in the rekey request, as 
taught by Shambroom, in order to restrict replay attacks (col. 8, lines 4-10).

15. Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Asanoma, Chen and Shambroom as applied to claim 8 above, and further in 
view of Morimoto (7,024,553). Asanoma, Chen and Shambroom do not 
disclose a time limit for rekeying. Morimoto discloses a method for updating
encryption keys wherein the time limit for rekeying is one day or more 
depending on system requirements. It would have been obvious to one of 
ordinary skill in the art at the time the invention was made to modify the 
combined method of Asanoma, Chen and Shambroom to set the time limit 
for rekeying to one day or more, as taught by Morimoto, in order to meet 
the system requirements. 

16. Claims 11-12 and 27 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Asanoma and Chen as applied to claims 1 and 25 above, 
and further in view of Appenzeller et al. (6,886,096). Asanoma discloses 
receiving the rekey request from a key generator (fig. 3, element 11) which 
is separate from a certificate authority (fig. 3, element 22). Appenzeller 
discloses that a key generator and a certificate authority can be combined 
into one entity (col. 21, lines 18-24). It would have been obvious to one of
ordinary skill in the art at the time the invention was made to modify the 
method of Asanoma and Chen to combine the key generator and the 
certificate authority into one entity, as taught by Appenzeller. The 
motivation for doing so would have been to reduce network traffic 
communicated between them. 

17. Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable
over Asanoma and Chen as applied to claim 1 above, and further in view of 
Menezes et al. ("Handbook of Applied Cryptography"). Asanoma does not 
disclose signing the rekey request and verifying the corresponding signature. 
Menezes discloses signing a message containing key information and 
verifying the signature of the message by the receiver (page 509, Section 
12.5.2, first paragraph). It would have been obvious to one of ordinary skill 
in the art at the time the invention was made to modify the combined 
method of Asanoma and Chen to sign the rekey request and verify the
corresponding signature, as taught by Menezes. The motivation for doing so 
would have been to provide source authentication (page 509, Section 
12.5.2, first paragraph). 

Allowable Subject Matter 

18. Subject to the above 101 and 112, 2nd paragraph, rejections, claims
10 and 24 would be allowable over the prior art of record if rewritten to 
include all of the limitations of the base claim and any intervening claims. 

19. The following is a statement of reasons for the indication of allowable 
subject matter. Regarding claim 10, the limitation "reading a key identifier 
of the private key; comparing the read key identifier to key identifiers of 
previously deleted private keys; and rejecting the key request if the read
key identifier matches any of the key identifiers of previously deleted keys",
in combination with elements of the parent claims, has not been taught by
prior art. Claim 24 is an apparatus claim corresponding to claim 10.
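
An added sketch (not from the application or the cited references) of the device-side checks discussed in the rejections above: request authentication, a timestamp window, rejection when the key identifier matches a previously deleted key, and a challenge answered with the new key. As assumptions, HMAC-SHA-256 stands in for the signature, the replacement key is carried unencrypted, the device keeps identifiers after erasing key material, and `Card`, `make_request`, `mac` and `MAX_AGE` are hypothetical names.

```python
import hashlib
import hmac
import os

MAX_AGE = 24 * 3600  # constructed acceptance window for a rekey request, in seconds

def mac(key, *fields):
    # Length-prefix each field so field boundaries are unambiguous under the MAC.
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

def make_request(transport_key, old_id, new_id, new_key, ts):
    tag = mac(transport_key, old_id, new_id, new_key, str(ts).encode())
    return {"old_id": old_id, "new_id": new_id, "new_key": new_key, "ts": ts, "tag": tag}

class Card:
    """Hypothetical device holding several keys, indexed by key identifier."""
    def __init__(self, transport_key, keys):
        self.transport_key = transport_key  # shared with the issuer
        self.keys = dict(keys)              # key_id -> key material
        self.deleted_ids = set()            # identifiers outlive the erased key material

    def rekey(self, req, now):
        expect = mac(self.transport_key, req["old_id"], req["new_id"],
                     req["new_key"], str(req["ts"]).encode())
        if not hmac.compare_digest(expect, req["tag"]):
            return "reject: bad authentication"
        if abs(now - req["ts"]) > MAX_AGE:
            return "reject: stale timestamp"
        if req["old_id"] in self.deleted_ids:
            return "reject: replay of a request for a deleted key"
        if req["old_id"] not in self.keys:
            return "reject: unknown key"
        del self.keys[req["old_id"]]
        self.deleted_ids.add(req["old_id"])
        self.keys[req["new_id"]] = req["new_key"]
        return "ok"

    def answer(self, key_id, challenge):
        # Proof that the new key is installed: MAC the issuer's challenge with it.
        return mac(self.keys[key_id], challenge)

def demo():
    tk, k1, k2, k3 = (os.urandom(32) for _ in range(4))
    card, now = Card(tk, {b"key-01": k1}), 1_700_000_000  # constructed clock value
    req = make_request(tk, b"key-01", b"key-02", k2, now)
    first = card.rekey(req, now)
    challenge = os.urandom(16)
    confirmed = hmac.compare_digest(card.answer(b"key-02", challenge), mac(k2, challenge))
    replayed = card.rekey(req, now + 60)  # same request again, still inside the window
    stale = card.rekey(make_request(tk, b"key-02", b"key-03", k3, now), now + 2 * MAX_AGE)
    return first, confirmed, replayed, stale
```

The replayed request passes both the authentication and timestamp checks; only the comparison against the identifiers of deleted keys rejects it.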

Conclusion 

20. The prior art made of record and not relied upon is considered 
pertinent to applicant's disclosure. 

U.S. Patent No. 5,680,458 to Spelman et al. 

U.S. Patent No. 6,240,187 to Lewis 

U.S. Patent No. 6,978,017 to Wiener et al. 

U.S. Patent No. 7,206,936 to Aull et al. 

Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Minh Dinh whose telephone number 
is 571-272-3802. The examiner can normally be reached on Mon-Fri:
10:00am-6:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gilberto Barron can be reached on 571-272-3799. 
The fax phone number for the organization where this application or 
proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained
from the Patent Application Information Retrieval (PAIR) system. Status 
information for published applications may be obtained from either Private 
PAIR or Public PAIR. Status information for unpublished applications is 
available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic Business Center 
(EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Minh Dinh
Examiner 
Art Unit 2132 